storm-control
To enable traffic storm control on an access circuit (AC) or access pseudowire (PW) under a VPLS bridge, use the storm-control command in l2vpn bridge group bridge-domain access circuit configuration mode or l2vpn bridge group bridge-domain pseudowire configuration mode. To disable traffic storm control, use the no form of this command.
storm-control {broadcast | multicast | unknown-unicast} { pps pps value | kbps kbps value}
Syntax Description
broadcast |
Configures traffic storm control for broadcast traffic. |
multicast |
Configures traffic storm control for multicast traffic. |
unknown-unicast |
Configures traffic storm control for unknown unicast traffic.
|
pps pps value |
Configures the packets-per-second (pps) storm control threshold for the specified traffic type. Valid values range from 1 to 160000. |
kbps kbps value |
Configures the storm control in kilo bits per second (kbps). The range is from 64 to 1280000. |
Command Default
Traffic storm control is disabled by default.
Command Modes
l2vpn bridge group bridge-domain access circuit configuration
l2vpn bridge group bridge-domain pseudowire configuration
Command History
Release |
Modification |
---|---|
Release 3.7.2 |
This command was introduced. |
Release 5.1 |
Support for storm control configuration for bridge domain was introduced. Also, a new unit kbps for storm control was introduced. |
Usage Guidelines
Traffic storm control provides Layer 2 port security under a VPLS bridge by preventing excess traffic from disrupting the bridge. Traffic storm control can be enabled on ACs and PWs under a VPLS bridge. Traffic storm control monitors incoming traffic levels on a port and drops traffic when the number of packets reaches the configured threshold level during any 1-second interval.
For each AC and PW port, you can enable traffic storm control for three types of traffic: broadcast, multicast, and unknown unicast.
The thresholds are configured at a packet-per-second (pps) and kilo bits per second (kbps) rate. When the number of packets of the specified traffic type reaches the configured threshold level, the port drops additional packets of that traffic type arriving at that port for the remainder of the 1-second interval. At the beginning of a new 1-second interval, traffic of the specified type is allowed to pass on the port.
The 1-second interval is set in the hardware and is not configurable. Use the pps keyword to configure the maximum number of packets allowed during each 1-second interval.
Drop counters maintain a cumulative count of the number of packets dropped because the threshold was reached.
Use the show l2vpn bridge-domain command to view all configured traffic storm control thresholds under a bridge and to view the current value of the storm control drop counters.
Note |
From Release 5.1, it is possible to configure storm control on both bridge domain level and bridge port level. When this happens, the storm control configured on the bridge port level will always take precedence. |
There is no restriction on what unit you can configure the storm control. Configuring mixed units under same bridge-domain or bridge port is allowed. However, the actual traffic policing will be converted to one of these two methods:
-
If ingress line card is an ASR 9000 Ethernet Line Card , pps unit will be used.
-
If ingress line card is an ASR 9000 Enhanced Ethernet Line Card or a newer line card, kbps unit will be used.
Note |
The ASR 9000 Ethernet Line Card does not support BW-based policing in kbps . However, kbps policing configuration is allowed on the ASR 9000 Ethernet Line Card. Then a conversion is performed from kbps to pps with an assumption of 1000 bytes per packet. |
Task ID
Task ID |
Operations |
---|---|
l2vpn |
read, write |
Examples
The following example enables two traffic storm control thresholds on a pseudowire:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# neighbor 10.1.1.1 pw-id 100
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# storm-control broadcast pps 4500
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# storm-control multicast pps 500
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
Examples
This example shows how to enable traffic storm control on a bridge domain:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# storm-control unknown-unicast kbps 1280
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end
Examples
This example shows how to enable traffic storm control on a bridge EFP port:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group csco
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain abc
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/1/0/18
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# storm-control broadcast pps 70000
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-pw)# end